In our previous article, we talked about the SSH protocol. We gave a short introduction to the history of the protocol, as well as an example to abstract the operation and the inner workings of it in a very generalized way. At the end of that article, we shared the documentation of our examples.
In this article, we’ve provided a short user guide of what you need to know to test the functionality of an SSH server (including NetBurner applications using our wolfSSH powered library) with freely licensed software for either Windows, Linux, or Mac.
Installing the Software
Since SSH server applications are the most common, in this article, we’ll explain how to configure and use SSH client software on your computer.
This section will explain how to install and set up SSH clients depending on your operating system.
SSH Client (Windows)
On Windows, there are a wide variety of SSH client software options, but for practical purposes, we’ll look at one of the most popular and easy to use, which is PuTTY.
You can find the software on their official website and download the option that fits your computer architecture.
You can follow the installation wizard's default configuration and click “Next” until it's finished. The installer itself is relatively fast, and after a few seconds PuTTY will be installed and ready to use. When running the application, you’ll see a screen like the one shown below, which indicates that the installation was successful.
SSH Client (Command-Line, for Linux or Mac)
This command will display the software and the SSH version used. In this case, I’m using an Ubuntu distribution of Linux, and OpenSSH is already installed and ready to go.
SSH Authentication Using User and Password
The SSH authentication using a username and password is very straightforward and easy to do. This section will show you the steps necessary to use your SSH client to connect to an SSH server using your username and password.
To connect to the SSH server using PuTTY on Windows, open the application and follow the steps below:
1. In the “Host Name” (or IP address) field, write the IP address of your SSH server.
2. In the “Port” field, enter the port of your SSH server; typically, it’s 22.
3. Ensure the SSH option is selected in the Connection Type section.
4. Press the “Open” button.
5. A security alert will appear asking you to accept the server’s authenticity. Click the “Accept” button.
6. A new window will appear requesting the user with a “login as” caption. Enter the user that you registered on the SSH server.
7. You’ll be prompted for the access password. Enter the value registered on the SSH server. When typing the password, you won’t see anything change in the terminal; this is a security measure so that the length of your password cannot be seen.
8. If your login was successful, you’ll see a message from your SSH server or the start of a terminal, which informs you that the connection was successful. The image below shows an example of a successful connection on NetBurner devices.
9. From this point on, all the transmitted information is sent through an encrypted channel.
10. To end the connection, you can simply close the PuTTY window. Alternatively, some SSH servers respond to the “exit” command.
3. A message appears asking you to validate the server’s authenticity; type “yes”.
4. A new line appears asking for your password; enter it and press the Enter key. When typing the password, you won’t see anything change in the terminal; this is a security measure so that the length of your password cannot be seen.
5. If your login was successful, you’ll see a message from your SSH server or the start of a terminal, which informs you that the connection was successful. The image below shows an example of a successful connection on NetBurner devices.
6. From this point on, all the transmitted information is sent through an encrypted channel.
7. To end the connection, you can simply close the terminal window. Alternatively, some SSH servers respond to the “exit” command.
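The prompt to accept the server's authenticity in both procedures above is the client asking whether to trust the host key it was just shown. The following added example (not code from NetBurner, PuTTY or OpenSSH) models that decision; the function names, the in-memory pin store, the address and the sample key blobs are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct

def fingerprint(key_b64: str) -> str:
    """Fingerprint as OpenSSH prints it: SHA-256 of the key blob, base64 without padding."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(pins: dict, host: str, key_b64: str, published_fp: str = "") -> str:
    """Decide what to do with the key a server presents.

    pins maps host -> fingerprint accepted on an earlier connection.
    published_fp is a fingerprint obtained from the server's administrator
    out of band; an empty string means none is available.
    """
    presented = fingerprint(key_b64)
    pinned = pins.get(host)
    if pinned is not None:
        # Later connections: nothing to accept unless the key is different.
        return "ok" if pinned == presented else "reject: host key changed"
    # First connection: the point where the client asks you to accept the key.
    if published_fp and published_fp != presented:
        return "reject: does not match published fingerprint"
    pins[host] = presented
    return "pinned (verified)" if published_fp else "pinned (unverified)"

def constructed_ed25519_key(seed: int) -> str:
    """Constructed sample blob in SSH wire format; not a real server key."""
    name, point = b"ssh-ed25519", bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(point)) + point
    return base64.b64encode(blob).decode()

if __name__ == "__main__":
    pins = {}
    device, other = constructed_ed25519_key(1), constructed_ed25519_key(2)
    host = "192.0.2.10"  # documentation address, assumed for the example
    print(check_host_key(pins, host, device, fingerprint(device)))  # first contact
    print(check_host_key(pins, host, device))                       # same key again
    print(check_host_key(pins, host, other))                        # key has changed
```

Comparing the fingerprint in the prompt with one obtained from the device's administrator is what turns the first "accept" from an unverified pin into a verified one.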
SSH Authentication Using Keys
Another way to authenticate the SSH client to the SSH server is to use SSH keys, which is more secure than using a password because the latter can be targeted by brute-force attacks.
This form of authentication is based on creating a public and private key pair. The public key will be shared with the server, and the private key will be stored on the computer and used each time the SSH client starts a connection. The server keeps a list of allowed users based on the client’s public key, and each time a connection is made, it allows access if the connecting client’s key matches an entry in that list.
To authenticate using SSH keys, first, you need to generate the keys. The following steps show how to do it on Windows and command-line for Linux and Mac.
1. Open PuTTYgen, which is included with the default installation.
2. PuTTY has several encryption algorithms to generate asymmetric keys. RSA is a common choice. Make sure to create it with at least 2048 bits. If the server supports it, we recommend using ECDSA, as you get smaller key sizes for the same security level. You can find the differences between some algorithm types in the following link.
3. Press the “Generate” button.
4. To generate randomness, move the mouse inside the empty area.
5. After a few seconds, a public and a private key are generated. You can add a passphrase (which is highly recommended) to make your keys more secure. Keep in mind, however, that some SSH servers do not allow this option.
6. Save the private key in a safe place by pressing the “Save private key” button.
7. To save the public key, press the “Save public key” button, or if your SSH server requires the key in another format, you can press the Conversions menu option.
8. Alternatively, you can copy the public key directly to your clipboard from the PuTTY interface in the Key section.
Authenticating with Keys
Once you have your keys, you need to provide the public key you just generated to the SSH server. This process will depend on your SSH server; the most common is a user interface in which you can upload your public key. After sharing the public key with the SSH server, you can connect your SSH client by following the steps below.
1. Open PuTTY and enter the IP of your SSH server and the port (usually, it’s 22). Then go to the Connection -> SSH -> Auth section. In the “Authentication parameters” section, click on the “Browse…” button and choose the file with the private key generated using PuTTYgen previously.
2. Press the “Open” button. The first time a security alert appears, you must accept the server’s authenticity by pressing the “Accept” button.
3. If your login was successful, you’ll see a message from your SSH server or the start of a terminal, which informs you that the connection was successful. The image below shows an example of a successful connection on NetBurner devices.
4. From this point on, all the transmitted information is sent through an encrypted channel.
5. To terminate the connection, you can simply close the terminal window. Alternatively, some SSH servers respond to the “exit” command.
By default, if you just run ssh-keygen without any parameters, it’ll generate a key pair using RSA with 2048 bits; more recent versions use 3072 bits by default.
3. When executing the command, the interface asks where to save the key. Type the path you want, or press enter to use the default path. If you already have a key in that path, you’ll be asked if you want to overwrite it. If you have different keys for several SSH servers, you should name each key differently.
ssh-keygen -t <algorithm> -b <bits>
4. The next step is to write a passphrase, which will make your key more secure. You can leave it blank for no passphrase.
5. After a few seconds, you’ll see the confirmation of the creation of the key pair and the paths where these were saved.
Getting the Keys
Where username and remote host are from your SSH server. This will copy the key to the server.
It’s important to note that your SSH server must have the password access option enabled for this to work. When it is not available, you will have to copy the key manually.
Copy it manually
To manually obtain the public key, run the following command, substituting the name of your public key file.
This will print the public key in the terminal. You can copy it and provide it to your server as specified by your SSH server provider.
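Before a printed public key is added to a server's list of allowed keys, it can be checked against the 2048-bit RSA minimum recommended earlier. This is an added example, not code from NetBurner or OpenSSH: it assumes the one-line "type base64 comment" public key format, and the function names and sample lines are constructed for illustration (the sample moduli are not usable keys).

```python
import base64

MIN_RSA_BITS = 2048  # minimum RSA size recommended in the article

def read_fields(blob: bytes) -> list:
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        size = int.from_bytes(blob[off:off + 4], "big")
        if off + 4 + size > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[off + 4:off + 4 + size])
        off += 4 + size
    return fields

def audit_line(line: str) -> tuple:
    """Return (key type, RSA bits or None, verdict) for one public key line."""
    declared = "?"
    try:
        declared, b64 = line.split()[:2]
        fields = read_fields(base64.b64decode(b64, validate=True))
    except ValueError:  # too few tokens, bad base64 or inconsistent lengths
        return (declared, None, "reject: malformed key line")
    # An ssh-rsa blob holds exactly three fields: type, exponent e, modulus n.
    if not fields or fields[0] != declared.encode() or (declared == "ssh-rsa" and len(fields) != 3):
        return (declared, None, "reject: key blob does not match declared type")
    if declared != "ssh-rsa":
        return (declared, None, "accept")
    bits = int.from_bytes(fields[2], "big").bit_length()
    verdict = "accept" if bits >= MIN_RSA_BITS else "reject: RSA key below 2048 bits"
    return (declared, bits, verdict)

def mpint(value: int) -> bytes:  # positive SSH mpint: big-endian, zero byte first if top bit set
    return value.to_bytes(value.bit_length() // 8 + 1, "big")

def sample_line(key_type: str, *fields: bytes) -> str:
    """Build a constructed key line (wire-format blob, base64); not a usable key."""
    blob = b"".join(len(f).to_bytes(4, "big") + f for f in (key_type.encode(), *fields))
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"

SAMPLES = [  # constructed inputs
    sample_line("ssh-rsa", mpint(65537), mpint((1 << 1023) | 1)),
    sample_line("ssh-rsa", mpint(65537), mpint((1 << 2047) | 1)),
    sample_line("ssh-ed25519", bytes(range(32))),
    "ssh-rsa not-base64!! broken",
]

if __name__ == "__main__":
    print(*map(audit_line, SAMPLES), sep="\n")
```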
Authenticating with Keys
Once you have the keys and have shared the public key with the server, you can connect to the server. You can follow the same steps presented in the authentication section using a username and password. The only difference is that you will not be required to enter the password during the process.
SSH Examples with NetBurner Devices
At NetBurner, we have prepared a series of SSH Server and SSH Client examples that will help you to quickly deploy SSH applications on your favorite devices using our NNDK 3.x tools.
The examples we currently have available are as follows:
SshMinimalClient: Use the NetBurner device as an SSH client to connect to another SSH server.
SshMinimalServer: Use the NetBurner device as an SSH server that allows connections from other SSH clients.
SshServerUserAuth: Use the NetBurner device as an SSH server that allows for user authentication. This example uses NetBurner’s UserAuth library to allow developers to manage username and authentication information.
SshServerUserKey: Use the NetBurner device as an SSH server. This example allows new SSH keys to be uploaded to the device and managed via a web interface.
Hopefully, the content of this article will be helpful for you to test your SSH applications on NetBurner systems and help you get your application to reality in no time.
At NetBurner, we’re constantly looking for new ideas or suggestions for new content, so if you have something in mind that you would like to see in our blog, don’t hesitate to post it in the comments. Or, if you have any questions, comments, or suggestions, feel free to contact us directly; we’ll get back to you as soon as possible.